Attack trees in Isabelle
In this paper, we present a proof theory for attack trees. Attack trees are a well established and useful model for the construction of attacks on systems, since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of attack trees, and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of attack tree validity and CTL. The application is illustrated on the example of a healthcare IoT system and GDPR compliance verification.
Globally reasoning about localised security policies in distributed systems
In this report, we aim at establishing proper ways for model checking the global security of distributed systems, which are designed as a set of localised security policies, each enforcing specific aspects of the security expected.

The systems are formally specified following a syntax, defined in detail in this report, and their behaviour is clearly established by the Semantics, also defined in detail in this report. The systems include the formal attachment of security policies to their locations; the intended interactions are trapped by the policies, which take the access control decisions of the system, and the Semantics also takes care of this.

Using the Semantics, a Labelled Transition System (LTS) can be induced for every particular system, and over this LTS some model checking tasks can be done. We identify how this LTS is indeed obtained, and propose an alternative way of model checking the not-yet-induced LTS by using the system design directly. This may lead to over-approximation, thereby producing imprecise, though safe, results. We restrict ourselves to finite systems, for the sake of being certain about the decidability of the proposed method.

To illustrate the usefulness and validity of our proposal, we present 2 small case-study-like examples, where we show how the system can be specified, which policies can be added to it, and how to decide whether the desired global security property is met.

Finally, an Appendix is given for digging deeply into how a tool for automatically performing this task is being built, including some implementation issues. The tool takes advantage of the proposed method and, given some system and some desired global security property, safely (i.e. without false positives) ensures satisfaction of it.
Attack Trees in Isabelle extended with probabilities for Quantum Cryptography
In this paper, we present a proof calculus for Attack Trees and show how its application to Quantum Cryptography is made possible by extending the framework to probabilistic reasoning on attacks. Attack trees are a well established and useful model for the construction of attacks on systems, since they allow a stepwise exploration of high level attacks in application scenarios. Using the expressiveness of Higher Order Logic in Isabelle, we succeed in developing a generic theory of attack trees with a state-based semantics based on Kripke structures and CTL. The resulting framework allows mechanically supported logic analysis of the meta-theory of the proof calculus of attack trees, and at the same time the developed proof theory enables application to case studies. A central correctness and completeness result proved in Isabelle establishes a connection between the notion of attack tree validity and CTL.
Furthermore, in this paper we illustrate the application of Attack Trees to security protocols on the example of the Quantum Key Distribution (QKD) algorithm. The application motivates the extension of the Attack Tree proof calculus by probabilities. We therefore introduce probabilities to quantify finite event sequences and show how this extension can be used to extend CTL to its probabilistic version PCTL. We show on the example of QKD how probabilistic reasoning with PCTL enables proof of quantitative security properties.
Distributed Differential Privacy and Applications
Recent growth in the size and scope of databases has resulted in more research into making productive use of this data. Unfortunately, a significant stumbling block which remains is protecting the privacy of the individuals that populate these datasets. As people spend more time connected to the Internet, and conduct more of their daily lives online, privacy becomes a more important consideration, just as the data becomes more useful for researchers, companies, and individuals. As a result, plenty of important information remains locked down and unavailable to honest researchers today, due to fears that data leakages will harm individuals.

Recent research in differential privacy opens a promising pathway to guarantee individual privacy while simultaneously making use of the data to answer useful queries. Differential privacy is a theory that provides provable information theoretic guarantees on what any answer may reveal about any single individual in the database. This approach has resulted in a flurry of recent research, presenting novel algorithms that can compute a rich class of computations in this setting.

In this dissertation, we focus on some real world challenges that arise when trying to provide differential privacy guarantees in practice. We design and build runtimes that achieve the mathematical differential privacy guarantee in the face of three real world challenges: securing the runtimes against adversaries, enabling readers to verify that the answers are accurate, and dealing with data distributed across multiple domains.